Keys

The combinations of encryption and decryption algorithms constitute cryptographic systems, or cryptosystems. Cryptosystems are controlled by a cryptographic key, or set of keys.

Symmetric cryptosystems are also called shared-key, since both the encryption and decryption processes use essentially the same key, whereas asymmetric cryptosystems are also known as public-key, as encryption and decryption use different keys. With public-key cryptosystems, there are two keys: an encryption key, which can be made public without implying disclosure of the other key, and the decryption (private) key.

The use of cryptosystems to protect and manage information is an important aspect of secure information systems. According to NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, "Cryptography provides strong protection for information technology (IT) systems, applications, and information, especially when information is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptographic methods can be used to maintain the confidentiality and integrity of information, verify that information was not changed after it was sent, and authenticate the originator of the information" (NIST, 2012).

Forensic examiners will encounter cryptosystems and key management when dealing with many types of information and file formats, including email, whole disk encryption, files, and applications. Of particular interest to an investigator are the cryptographic keys; if passwords can be retrieved, then the opportunity to break the cryptosystem improves, uncovering data and information that was intentionally protected.

References

NIST. (2012).  Recommendation for cryptographic key generation: Special Publication 800-133. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133.pdf.